Back to home

Privacy policy

Data controller

The controller responsible for data processing is Beyer & Jdaa IPM Consulting GbR, Bahnhofstr. 76, 25715 Eddelak, Germany, represented by Marco Beyer und Anass Jdaâ, email: info@ipm-consulting.org.

Please direct any privacy-related enquiries to the email address given above.

Principles and legal bases

We process personal data only to the extent necessary, on the basis of the GDPR — in particular for the performance of a contract and for pre-contractual measures (Art. 6(1)(b)), to comply with legal obligations (point (c)), on the basis of legitimate interests (point (f)), and, where required, on the basis of your consent (point (a)).

Hosting in Germany

ordNX is operated on servers in Germany. A data processing agreement pursuant to Art. 28 GDPR is in place with the hosting provider. No data processing takes place outside the EU/EEA as a result.

When you visit the website (server logs)

When the website is accessed, the server automatically processes technical access data (including IP address, date/time, resource accessed, referrer, user agent) in server log files, to the extent this is necessary for secure and stable operation. The legal basis is Art. 6(1)(f) GDPR. The log files are deleted or anonymised after a short period.

Cookies

We use only technically necessary cookies (Section 25(2) TDDDG, the German Telecommunications-Digital-Services-Data-Protection Act): in particular a session cookie for sign-in (payload-token). We do not use tracking, analytics or marketing cookies; a cookie banner is therefore not required.

Registration, account and use of the service

To use ordNX you create an account. We process the data provided in this process (including company and contact details, username, sign-in credentials, role) in order to provide and manage the service. The legal basis is Art. 6(1)(b) GDPR or point (f). Passwords are stored exclusively as a cryptographic hash.

Data processed on your behalf

Where you, as a customer, enter personal data belonging to your own companies, contacts and business transactions into ordNX, we process this data solely on your behalf and in accordance with your instructions (Art. 28 GDPR). In this respect, you are the controller and we are the processor; details are governed by the data processing agreement (DPA).

Purposes of processing

We process data to provide and manage the CRM service, to communicate with you (e.g. demo and contact enquiries), to fulfil contractual and statutory obligations, and to ensure IT security.

Contact and demo enquiries

We process contact and demo enquiries received by email solely to handle your enquiry and any follow-up questions (Art. 6(1)(b) and (f) GDPR). The data is deleted once it is no longer required for this purpose.

Recipients and processors

Data is disclosed only where necessary for the performance of a contract or required by law. Our processor is in particular our hosting provider (Hetzner Online GmbH, Germany). We will provide you with a complete, up-to-date list on request.

Retention period

We store personal data only for as long as necessary for the purposes stated, or as required by statutory retention periods (e.g. Section 257 HGB, Section 147 AO, German Commercial Code / Fiscal Code). Account and contract data is deleted or returned after the end of the contract in accordance with the DPA.

Your rights as a data subject

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), and to object to processing based on Art. 6(1)(f) (Art. 21 GDPR). You may withdraw any consent given at any time with effect for the future.

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority is the Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD) [Independent Centre for Privacy Protection Schleswig-Holstein], Holstenstraße 98, 24103 Kiel, Germany, mail@datenschutzzentrum.de.

Data security

Data is transmitted using TLS encryption. We take appropriate technical and organisational measures pursuant to Art. 32 GDPR to protect data (including access control, tenant-separated data storage, encryption in transit, password hashing, and regular backups).

Currency and changes

This privacy policy is updated whenever processing activities or the legal situation change. The version published on ordnx.com at any given time applies.

Privacy policy — ordNX